Changeset - 0a435b5ba2cf
0 15 0
Branko Majic (branko) - 12 days ago 2024-09-07 15:11:30
branko@majic.rs
MAR-218: Upgrade test site for Ansible 10.x and fix linting errors:

- Disable name checks when importing playbooks into top-level playbook
to avoid naming duplication.
15 files changed with 99 insertions and 53 deletions:
testsite/playbooks/backup.yml
 
---
 

	
 
- hosts: backup
 
- name: Deploy backup server
 
  hosts: backup
 
  remote_user: ansible
 
  become: true
 
  roles:
 
    - common
 
    - mail_forwarder
 
    - backup_server
testsite/playbooks/bootstrap.yml
 
---
 

	
 
- hosts: testsite
 
- name: Bootstrap servers for Ansible use
 
  hosts: testsite
 
  remote_user: root
 
  roles:
 
    - bootstrap
testsite/playbooks/ldap.yml
 
---
 

	
 
- hosts: ldap
 
- name: Deploy LDAP server
 
  hosts: ldap
 
  remote_user: ansible
 
  become: true
 
  roles:
 
    - common
 
    - mail_forwarder
 
    - ldap_client
 
    - ldap_server
 

	
 
- hosts: ldap
 
- name: Create data on LDAP server
 
  hosts: ldap
 
  remote_user: ansible
 
  become: true
 
  tasks:
 

	
 
    - name: Add users to mail LDAP group
 
      ldap_attr:
 
      community.general.ldap_attrs:
 
        dn: "cn=mail,ou=groups,{{ testsite_ldap_base }}"
 
        name: uniqueMember
 
        values:
 
        attributes:
 
          uniqueMember:
 
            - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
 
            - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
 
        state: present
 

	
 
    - name: Add user to XMPP LDAP group
 
      ldap_attr:
 
      community.general.ldap_attrs:
 
        dn: "cn=xmpp,ou=groups,{{ testsite_ldap_base }}"
 
        name: uniqueMember
 
        values:
 
        attributes:
 
          uniqueMember:
 
            - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
 
            - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
 
        state: present
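Review bot: The two `community.general.ldap_attrs` tasks in the "Create data on LDAP server" play differ only in the group `cn` and carry an identical two-entry `uniqueMember` list, so the membership data is now duplicated twice in the new code; a single task looping over the group names removes that duplication and keeps the member list in one place. The second task's name, "Add user to XMPP LDAP group", is also inaccurate since it adds two users, whereas the first says "Add users". Both tasks are fully visible in the hunk.
```yaml
    - name: Add users to mail and XMPP LDAP groups
      community.general.ldap_attrs:
        dn: "cn={{ item }},ou=groups,{{ testsite_ldap_base }}"
        attributes:
          uniqueMember:
            - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
            - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
        state: present
      loop:
        - mail
        - xmpp
```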
testsite/playbooks/mail.yml
 
---
 

	
 
- hosts: mail
 
- name: Deploy mail server
 
  hosts: mail
 
  remote_user: ansible
 
  become: true
 
  roles:
 
    - common
 
    - ldap_client
 
    - mail_server
testsite/playbooks/preseed.yml
 
---
 

	
 
# Playbook for generating Debian preseed files for automating the installation.
 
- hosts: preseed
 
- name: Generate Debian preseed files for automated installation
 
  hosts: preseed
 
  roles:
 
    - preseed
testsite/playbooks/roles/phpinfo/tasks/main.yml
 
---
 

	
 
- name: Create directory for hosting the application
 
  file: dest="/var/www/phpinfo.{{ testsite_domain }}/htdocs/" state=directory
 
        owner="admin-phpinfo_{{ testsite_domain_underscores }}" group="web-phpinfo_{{ testsite_domain_underscores }}" mode=2750
 
  ansible.builtin.file:
 
    dest: "/var/www/phpinfo.{{ testsite_domain }}/htdocs/"
 
    state: directory
 
    owner: "admin-phpinfo_{{ testsite_domain_underscores }}"
 
    group: "web-phpinfo_{{ testsite_domain_underscores }}"
 
    mode: "02750"
 

	
 
- name: Deploy the index.php
 
  copy: src="index.php" dest="/var/www/phpinfo.{{ testsite_domain }}/htdocs/index.php"
 
        owner="admin-phpinfo_{{ testsite_domain_underscores }}" group="web-phpinfo_{{ testsite_domain_underscores }}" mode=640
 
  ansible.builtin.copy:
 
    src: "index.php"
 
    dest: "/var/www/phpinfo.{{ testsite_domain }}/htdocs/index.php"
 
    owner: "admin-phpinfo_{{ testsite_domain_underscores }}"
 
    group: "web-phpinfo_{{ testsite_domain_underscores }}"
 
    mode: "0640"
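Review bot: The rewritten "Create directory for hosting the application" task passes the directory as `dest:`, which for `ansible.builtin.file` is only an alias of the documented `path` parameter; since the task is being converted to block YAML anyway, `path: "/var/www/phpinfo.{{ testsite_domain }}/htdocs/"` is the clearer choice and avoids a reader confusing it with the `dest` of the `copy` task below. The same `dest:` alias is used in the directory-creation tasks of the wsgihello and wsgihello2 role task files in this changeset.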
testsite/playbooks/roles/wsgihello/handlers/main.yml
 
---
 

	
 
- name: Restart wsgihello
 
  service:
 
  ansible.builtin.service:
 
    name: "wsgi.{{ testsite_domain }}"
 
    state: restarted
testsite/playbooks/roles/wsgihello/tasks/main.yml
 
---
 

	
 
- name: Create directroy for storing code
 
  file: dest="/var/www/wsgi.{{ testsite_domain }}/code/" state=directory
 
        owner="admin-wsgi_{{ testsite_domain_underscores }}" group="web-wsgi_{{ testsite_domain_underscores }}" mode=2750
 
  ansible.builtin.file:
 
    dest: "/var/www/wsgi.{{ testsite_domain }}/code/"
 
    state: directory
 
    owner: "admin-wsgi_{{ testsite_domain_underscores }}"
 
    group: "web-wsgi_{{ testsite_domain_underscores }}"
 
    mode: "02750"
 

	
 
- name: Deploy WSGI application
 
  copy: src="hello.wsgi" dest="/var/www/wsgi.{{ testsite_domain }}/code/wsgi.py"
 
        owner="admin-wsgi_{{ testsite_domain_underscores }}" group="web-wsgi_{{ testsite_domain_underscores }}" mode=640
 
  ansible.builtin.copy:
 
    src: "hello.wsgi"
 
    dest: "/var/www/wsgi.{{ testsite_domain }}/code/wsgi.py"
 
    owner: "admin-wsgi_{{ testsite_domain_underscores }}"
 
    group: "web-wsgi_{{ testsite_domain_underscores }}"
 
    mode: "0640"
 
  notify:
 
    - Restart wsgihello
testsite/playbooks/roles/wsgihello2/handlers/main.yml
 
---
 

	
 
- name: Restart wsgihello2
 
  service:
 
  ansible.builtin.service:
 
    name: "wsgireq.{{ testsite_domain }}"
 
    state: restarted
testsite/playbooks/roles/wsgihello2/tasks/main.yml
 
---
 

	
 
- name: Create directory for storing code
 
  file: dest="/var/www/wsgireq.{{ testsite_domain }}/code/" state=directory
 
        owner="admin-wsgireq_{{ testsite_domain_underscores }}" group="web-wsgireq_{{ testsite_domain_underscores }}" mode=2750
 
  ansible.builtin.file:
 
    dest: "/var/www/wsgireq.{{ testsite_domain }}/code/"
 
    state: directory
 
    owner: "admin-wsgireq_{{ testsite_domain_underscores }}"
 
    group: "web-wsgireq_{{ testsite_domain_underscores }}"
 
    mode: "02750"
 

	
 
- name: Deploy requirements and its source for upgrade checks
 
  copy: src="{{ item }}" dest="/etc/pip_check_requirements_upgrades/wsgireq.{{ testsite_domain }}/{{ item }}"
 
        owner="root" group="pipreqcheck" mode=640
 
  ansible.builtin.copy:
 
    src: "{{ item }}"
 
    dest: "/etc/pip_check_requirements_upgrades/wsgireq.{{ testsite_domain }}/{{ item }}"
 
    owner: "root"
 
    group: "pipreqcheck"
 
    mode: "0640"
 
  with_items:
 
    - requirements.in
 
    - requirements.txt
 

	
 
- name: Deploy requirements
 
  copy: src="requirements.txt" dest="/var/www/wsgireq.{{ testsite_domain }}/code/requirements.txt"
 
        owner="admin-wsgireq_{{ testsite_domain_underscores }}" group="web-wsgireq_{{ testsite_domain_underscores }}" mode=640
 

	
 
- name: Install latest version of pip
 
  become_user: "admin-wsgireq_{{ testsite_domain_underscores }}"
 
  pip: name=pip state=latest virtualenv="/var/www/wsgireq.{{ testsite_domain }}/virtualenv"
 
  ansible.builtin.copy:
 
    src: "requirements.txt"
 
    dest: "/var/www/wsgireq.{{ testsite_domain }}/code/requirements.txt"
 
    owner: "admin-wsgireq_{{ testsite_domain_underscores }}"
 
    group: "web-wsgireq_{{ testsite_domain_underscores }}"
 
    mode: "0640"
 

	
 
- name: Deploy pip-tools
 
  become: true
 
  become_user: "admin-wsgireq_{{ testsite_domain_underscores }}"
 
  pip: name=pip-tools state=present virtualenv="/var/www/wsgireq.{{ testsite_domain }}/virtualenv"
 
  ansible.builtin.pip:
 
    name: pip-tools
 
    state: present
 
    virtualenv: "/var/www/wsgireq.{{ testsite_domain }}/virtualenv"
 

	
 
- name: Synchronise virtual environment with requirements file
 
  become: true
 
  become_user: "admin-wsgireq_{{ testsite_domain_underscores }}"
 
  command: "'/var/www/wsgireq.{{ testsite_domain }}/virtualenv/bin/exec' pip-sync ~/code/requirements.txt ~/.wsgi_requirements.txt"
 
  ansible.builtin.command: "'/var/www/wsgireq.{{ testsite_domain }}/virtualenv/bin/exec' pip-sync ~/code/requirements.txt ~/.wsgi_requirements.txt"
 
  register: pip_sync_result
 
  changed_when: "pip_sync_result.stdout != 'Everything up-to-date'"
 
  notify:
 
    - Restart wsgihello2
 

	
 
- name: Deploy WSGI application
 
  copy: src="hello.wsgi" dest="/var/www/wsgireq.{{ testsite_domain }}/code/wsgi.py"
 
        owner="admin-wsgireq_{{ testsite_domain_underscores }}" group="web-wsgireq_{{ testsite_domain_underscores }}" mode=640
 
  ansible.builtin.copy:
 
    src: "hello.wsgi"
 
    dest: "/var/www/wsgireq.{{ testsite_domain }}/code/wsgi.py"
 
    owner: "admin-wsgireq_{{ testsite_domain_underscores }}"
 
    group: "web-wsgireq_{{ testsite_domain_underscores }}"
 
    mode: "0640"
 
  notify:
 
    - Restart wsgihello2
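Review bot: The "Deploy requirements and its source for upgrade checks" task still uses `with_items:` while the rest of the file is being modernised to fully-qualified module names; `loop:` has been the documented replacement since Ansible 2.5 and is a drop-in here because the two items are plain strings, so `loop:` with the same `requirements.in` / `requirements.txt` list would keep the file on one loop style. Separately, the "Install latest version of pip" task appears only alongside the removed `copy:` lines of the "Deploy requirements" task and has no counterpart in the new code, which suggests the virtualenv is now created by the "Deploy pip-tools" task with whatever pip the virtualenv tooling seeds; if that removal is intended, a line in the commit description would make the behaviour change visible to anyone bisecting later.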
testsite/playbooks/site.yml
 
---
 

	
 
- import_playbook: preseed.yml
 
- import_playbook: ldap.yml
 
- import_playbook: xmpp.yml
 
- import_playbook: mail.yml
 
- import_playbook: web.yml
 
- import_playbook: backup.yml
 
- import_playbook: ws.yml
 
- ansible.builtin.import_playbook: preseed.yml  # noqa name[play]
 
- ansible.builtin.import_playbook: ldap.yml  # noqa name[play]
 
- ansible.builtin.import_playbook: xmpp.yml  # noqa name[play]
 
- ansible.builtin.import_playbook: mail.yml  # noqa name[play]
 
- ansible.builtin.import_playbook: web.yml  # noqa name[play]
 
- ansible.builtin.import_playbook: backup.yml  # noqa name[play]
 
- ansible.builtin.import_playbook: ws.yml  # noqa name[play]
testsite/playbooks/tls.yml
 
---
 

	
 
- hosts: preseed
 
- name: Generate TLS private keys and certificates
 
  hosts: preseed
 
  vars:
 
    host_tls_info:
 
      - hostname: ldap
 
        service: ldap
 
        name: LDAP
 
      - hostname: mail
 
@@ -28,29 +29,33 @@
 
        service: xmpp
 
        name: XMPP
 
        extra_dns_names:
 
          - "{{ testsite_domain }}"
 
  tasks:
 
    - name: Create GnuTLS certificate templates for all hosts
 
      template: src="../tls/gnutls_server_certificate.cfg.j2" dest="../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
 
      ansible.builtin.template:
 
        src: "../tls/gnutls_server_certificate.cfg.j2"
 
        dest: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
 
        mode: "0640"
 
      with_items: "{{ host_tls_info }}"
 
    - name: Create the CA key
 
      command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
 
      ansible.builtin.command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
 
      args:
 
        creates: ../tls/ca.key
 
    - name: Create the CA certificate
 
      command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
 
      ansible.builtin.command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
 
      args:
 
        creates: ../tls/ca.pem
 
    - name: Create private keys for all hosts
 
      command: certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
 
      ansible.builtin.command: |
 
        certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
 
      with_items: "{{ host_tls_info }}"
 
      args:
 
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
 
    - name: Issue certificates for all hosts
 
      shell: sleep 1 && certtool --generate-certificate
 
      ansible.builtin.shell: sleep 1 && certtool --generate-certificate
 
             --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
 
             --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
 
             --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
 
             --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
 
      with_items: "{{ host_tls_info }}"
 
      args:
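Review bot: The "Create private keys for all hosts" task uses a literal block scalar (`ansible.builtin.command: |`) for what is a single command line, so the module receives the command with a trailing newline attached; a folded strip scalar, `ansible.builtin.command: >-`, yields the same one-line command without it. The neighbouring "Issue certificates for all hosts" task keeps a multi-line plain scalar for the same purpose, so the file now mixes two ways of wrapping a long command; using `>-` for both would make the continuation intent explicit rather than relying on plain-scalar folding. The `args:` mapping of that last task continues past the end of the visible hunk.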
testsite/playbooks/web.yml
 
---
 

	
 
- hosts: web
 
- name: Deploy web server
 
  hosts: web
 
  remote_user: ansible
 
  become: true
 
  roles:
 
    - common
 
    - ldap_client
 
    - mail_forwarder
testsite/playbooks/ws.yml
 
---
 

	
 
- hosts: workstation
 
- name: Deploy workstation
 
  hosts: workstation
 
  remote_user: ansible
 
  become: true
 
  roles:
 
    - common
 
    - mail_forwarder
testsite/playbooks/xmpp.yml
 
---
 

	
 
- hosts: xmpp
 
- name: Deploy XMPP server
 
  hosts: xmpp
 
  remote_user: ansible
 
  become: true
 
  roles:
 
    - common
 
    - ldap_client
 
    - mail_forwarder